Authentication
Suggestic supported authentication methods
Our GraphQL API currently supports two authentication methods that you can use depending on your case and needs: JWT Authentication and API Token Authentication.
JWT Authentication
Use JWT to implement the client-side authentication system only
This method requires a valid user and password and returns a JWT that can be used to consume the GraphQL API.
POST
https://production.suggestic.com/api/v1/login
Request Body
Name | Type | Description |
---|---|---|
 | string | User email |
password | string | User password |
Once this request is sent, the following information is displayed:
How to use a Bearer Authentication within graphQL
Once you log in, open your GraphQL Playground and, in the authentication section, add the `Authorization: Bearer {token}` header.
When a JWT authentication is used in GraphQL, it is not required to add the sg-user header.
For example:
The following query retrieves a meal plan's information using the bearer token.
cURL Request with Bearer token
The bearer token is sent to the server in the `Authorization: Bearer {token}` header.
In the following example, we are getting the shopping list request.
Refresh Token
For security purposes, the access token expires after 2 hours. Once expired, your client applications may use a refresh token to “refresh” the access token.
You may obtain a refresh token using the login mutation.
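As an added illustration (not code from the Suggestic docs or SDK), the following Python shows how a client can schedule the refresh this section describes: it reads the `exp` claim of the access token to decide when to call the refresh operation ahead of the 2-hour expiry, and it shows the server-side verification that actually enforces that expiry. The minting and verification helpers use a constructed HS256 key so the example runs offline; real tokens come from the login endpoint and are signed by Suggestic. The `refresh_fn` callable stands in for the login mutation's refresh call, whose exact shape is not shown on this page, and the 5-minute margin is an assumed policy.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key for a self-contained demo; Suggestic's tokens are signed with its own key.
DEMO_KEY = b"demo-key-not-a-real-secret"
ACCESS_TOKEN_LIFETIME = 2 * 60 * 60   # the page states access tokens expire after 2 hours
REFRESH_MARGIN = 5 * 60               # assumed policy: refresh this long before expiry


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_demo_jwt(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Mint an HS256 JWT locally so the example runs offline (constructed, not Suggestic's)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def read_expiry(token: str) -> int:
    """Return the exp claim without verifying the signature.

    The client does not hold the signing key, so it can only use exp to
    schedule a refresh; authorisation stays with the server, which verifies."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    exp = json.loads(_b64url_decode(parts[1])).get("exp")
    if not isinstance(exp, int):
        raise ValueError("token has no integer exp claim")
    return exp


def needs_refresh(token: str, now: float, margin: int = REFRESH_MARGIN) -> bool:
    """True once the token is within `margin` seconds of expiry (or already expired)."""
    return now >= read_expiry(token) - margin


def verify_demo_jwt(token: str, now: float, key: bytes = DEMO_KEY) -> dict:
    """Server-side check: pin the algorithm, compare the signature in constant
    time, then enforce exp. Raises on any failure."""
    header, payload, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


class TokenStore:
    """Holds the access/refresh pair; refresh_fn(refresh_token) -> (access, refresh)
    stands in for the login mutation's refresh call (shape not shown on the page)."""

    def __init__(self, access, refresh, refresh_fn, clock=time.time):
        self.access, self.refresh = access, refresh
        self.refresh_fn, self.clock = refresh_fn, clock

    def bearer(self) -> str:
        """Value for the Authorization header, refreshing first if the token is about to expire."""
        if needs_refresh(self.access, self.clock()):
            self.access, self.refresh = self.refresh_fn(self.refresh)
        return f"Bearer {self.access}"


if __name__ == "__main__":
    issued = int(time.time())
    token = make_demo_jwt({"sub": "demo-user", "exp": issued + ACCESS_TOKEN_LIFETIME})
    print("expires in", read_expiry(token) - issued, "seconds; refresh now?", needs_refresh(token, issued))
```

The refresh decision uses the unverified `exp` only as a hint; a server that rejects the token as expired or tampered is still the final authority, as `verify_demo_jwt` shows.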
Using JWT without a user's password
If you are not using Suggestic as your identity provider, you can still obtain a JWT from the API using the login mutation. This should be done from your backend using the standard API token authentication.
In this case, you can expect your authentication flow to be as follows:
1. Authenticate the user on your frontend with your implementation.
2. Request a JWT on your backend, on behalf of the user, via a request to the Suggestic API using your API key and the user's ID.
3. Pass the JWT to your frontend.
4. The frontend then uses that JWT for all future Suggestic API calls.
API Token Authentication
Use the API authorization token provided on server-side applications only
Use this authentication method to access the API "on behalf" of your users.
To use this method, you require a valid API token and a user id. Add these to a custom HTTP Header, as shown below.
POST
https://production.suggestic.com/graphql
Important: if you are using a production API key, make sure you call the production environment at https://production.suggestic.com/graphql, always over HTTPS, so the token in the Authorization header is never sent in the clear.
Headers
Name | Type | Description |
---|---|---|
sg-user | string | User UUID, e.g. `ffffe9fa-3b49-4050-80d1-06129a722d0b` |
Authorization | string | A valid API token, e.g. `Token 7b9f6fd852faba099be1984c97124b7f8d776f26` |
Never use your API token in client-side authentication. If it has been exposed that way, request a new token.
Clients/Partners API Token
Partners/clients that have an isolated database must authenticate using a different HTTP header named Suggestic-Partner. Use it as explained below:
Examples
cURL Example
To query GraphQL using cURL, make a POST request with a JSON payload. The payload must contain a string called query:
Note: The string value of "query" must escape newline characters, or the schema will not parse it correctly. For the POST body, use outer double quotes and escaped inner double quotes.
If you need to use your partner/client header, use the following cURL
Python Example
If you need to use your partner/client header, replace sg-user with the Suggestic-Partner information.
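As an added example that serves both the cURL and Python sections above (not code from the Suggestic docs), this Python builds the request for each of the three authentication modes on this page: Bearer JWT, API token with `sg-user`, and API token with `Suggestic-Partner`. It uses `json.dumps` to produce the escaped `query` string the cURL note asks for, rejects ambiguous header combinations instead of guessing, and refuses a plain-http endpoint so a token is never sent unencrypted. The sample API token, JWT, partner value and query are constructed placeholders; the user UUID is the page's own example value.

```python
import json
import urllib.request
import uuid

# Endpoint from the page; every auth mode posts to the same URL.
GRAPHQL_URL = "https://production.suggestic.com/graphql"

# Constructed placeholders for this example, not real credentials.
SAMPLE_API_TOKEN = "0000000000000000000000000000000000000000"
SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.e30.placeholder-signature"
SAMPLE_PARTNER = "partner-id-placeholder"  # the page shows no partner value format
SAMPLE_USER_ID = "ffffe9fa-3b49-4050-80d1-06129a722d0b"  # the page's own sg-user example
# __typename is valid against any GraphQL schema, so no Suggestic fields are assumed.
SAMPLE_QUERY = "query {\n  __typename\n}"


def build_headers(*, jwt=None, api_token=None, user_id=None, partner=None):
    """Headers for exactly one of the page's three auth modes.

    JWT (client side)        -> Authorization: Bearer <jwt>, no sg-user
    API token (server side)  -> Authorization: Token <api_token> + sg-user: <uuid>
    Partner token (isolated) -> Authorization: Token <api_token> + Suggestic-Partner: <id>
    Mixed or incomplete combinations raise instead of silently picking one.
    """
    headers = {"Content-Type": "application/json"}
    if jwt is not None:
        if api_token is not None or user_id is not None or partner is not None:
            raise ValueError("JWT mode takes no API token, sg-user or Suggestic-Partner")
        headers["Authorization"] = f"Bearer {jwt}"
        return headers
    if api_token is None:
        raise ValueError("provide either a JWT or an API token")
    if (user_id is None) == (partner is None):
        raise ValueError("API token mode needs exactly one of sg-user or Suggestic-Partner")
    headers["Authorization"] = f"Token {api_token}"
    if user_id is not None:
        # The page documents sg-user as a UUID; validate it before sending.
        headers["sg-user"] = str(uuid.UUID(user_id))
    else:
        headers["Suggestic-Partner"] = partner
    return headers


def build_body(query, variables=None):
    """Serialise the payload. json.dumps escapes newlines and inner quotes,
    which is what the cURL note asks you to do by hand."""
    payload = {"query": query}
    if variables is not None:
        payload["variables"] = variables
    return json.dumps(payload)


def build_request(query, variables=None, url=GRAPHQL_URL, **auth):
    """Assemble, but do not send, a POST request as a plain dict."""
    if not url.startswith("https://"):
        raise ValueError("endpoint must be https: credentials travel in the headers")
    return {
        "url": url,
        "method": "POST",
        "headers": build_headers(**auth),
        "body": build_body(query, variables),
    }


def send(req, timeout=10):
    """Send a request built above and return the decoded GraphQL response (needs network)."""
    http_req = urllib.request.Request(
        req["url"], data=req["body"].encode(), headers=req["headers"], method=req["method"]
    )
    with urllib.request.urlopen(http_req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Server-side call on behalf of a user: API token + sg-user.
    server_req = build_request(SAMPLE_QUERY, api_token=SAMPLE_API_TOKEN, user_id=SAMPLE_USER_ID)
    print(server_req["headers"], server_req["body"])
    # Client-side call with a JWT: Bearer only, no sg-user.
    client_req = build_request(SAMPLE_QUERY, jwt=SAMPLE_JWT)
    print(client_req["headers"])
```

`build_headers` is the only place that knows about the three header layouts, so a caller cannot accidentally combine a Bearer JWT with `sg-user`, or send an API token without naming the user or partner it acts for; `send` is separated from request construction so the headers and body can be inspected (or asserted on) before anything touches the network.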